Article Details
Scrape Timestamp (UTC): 2026-01-02 19:03:22.455
Original Article Text
Click to Toggle View
Covenant Health says May data breach impacted nearly 478,000 patients. The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. The healthcare entity initially reported in July that the data of 7,864 people had been exposed, but further analysis has revealed a larger impact. After completing “the bulk of its data analysis,” Covenant Health now says that 478,188 individuals were affected. Covenant Health is a Catholic healthcare provider based in Andover, Massachusetts, operating hospitals, nursing and rehabilitation centers, assisted living residences, and elder care organizations across New England and parts of Pennsylvania. Qilin ransomware attack Covenant Health learned on May 26, 2025, that an attacker had breached its systems eight days earlier, on May 18, and gained access to patient data. In late June, the Qilin ransomware group claimed the attack, stating that it had stolen 852 GB of data comprising nearly 1.35 million files. The organization says the exposed information may include names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance information, and treatment details (e.g., diagnoses, dates of treatment, type of treatment). In a copy of the notice, Covenant Health says it engaged third-party forensic specialists to determine what data was affected and how many individuals were impacted. "That review is ongoing," the organization said, without providing a timeline for finishing the investigation and its impact. Covenant Health said that it has strengthened the security of its systems, to prevent similar incidents in the future. The healthcare entity Covenant Health is offering affected individuals 12 months of free identity protection services to help detect potential misuse of their information. Beginning December 31, the organization started mailing data breach notification letters to patients whose information may have been compromised in the May intrusion. 7 Security Best Practices for MCP As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe. This free cheat sheet outlines 7 best practices you can start using today.
Daily Brief Summary
Covenant Health, a Massachusetts-based healthcare provider, reported a data breach impacting 478,188 patients, significantly higher than the initially reported 7,864 individuals.
The breach, attributed to the Qilin ransomware group, involved unauthorized access to patient data, including sensitive personal and medical information.
Qilin ransomware group claims to have stolen 852 GB of data, encompassing 1.35 million files, during the May 2025 attack.
Covenant Health has engaged third-party forensic specialists to assess the breach's scope and the specific data compromised, with the investigation still ongoing.
In response, Covenant Health has enhanced its system security measures to prevent future breaches and is offering affected patients 12 months of free identity protection services.
Notification letters were dispatched to affected patients starting December 31, informing them of the breach and the potential risks to their personal information.
This incident underscores the critical need for robust cybersecurity measures in the healthcare sector to safeguard sensitive patient data.